Cybersecurity and Data Protection Software Quality Engineer
Indexed description
The role will lead efforts to implement a Secure Product Development Framework (SPDF) and prepare documentation to support premarket submissions (De Novo, PMA, 510(k)).This individual has an understanding of cybersecurity standards and certifications in regulated healthcare, extensive knowledge of how cybercriminals work, and determination to never allow them access.
Key Responsibilities
- Regulatory Alignment & QMS Management: Provide guidance on QMS procedures to align with identified cybersecurity protection requirements, specifically integrating SPDF, threat modeling, and SBOM management into existing FMI Design Controls.
- Premarket Submission Support: Review and approve comprehensive cybersecurity documentation for regulatory compliance, including Security Risk Management Reports, Threat Models, and Security Architecture views
- Software Bill of Materials (SBOM) Management: Ensure the development and maintenance of compliant, machine-readable SBOM (e.g., SPDX or CycloneDX) for all software components, tracking vulnerabilities (CVEs) and managing supplier risks.
- Risk Assessment & Verification/Validation Oversight: Collaborate with Product Owners, System Owners, Information Security and Data Privacy to conduct cybersecurity risk assessments. Review and approve Cybersecurity and Data Protection requirements and verification results (vulnerability analysis, penetration testing) to ensure compliance with pre-determined acceptance criteria.
- Post-market Surveillance & Patching: Support the development and implementation of a comprehensive post-market, software system cybersecurity vulnerability monitoring plan. Review and approves SOPs for timely patching and updating of fielded devices.
- Cross-Functional Collaboration: Act as the subject matter expert (SME) advising FMI stakeholders on cybersecurity and data protection on medical device regulations, guidance’s, conformity and reference standards, and best practices during the entire Software Development Lifecycle (SDLC).
- Audit Preparation: Support internal and external audits (FDA, Notified Bodies) regarding software validation and cybersecurity compliance.
- Supplier Management: Collaborate with Product Owners, System Owners, Information Security and Data Privacy in the identification, selection and onboarding and management of suppliers to ensure that suppliers are capable of meeting the cybersecurity and data protection requirements of FMI.
- Quality Management System: Maintain documentation of security guidelines, procedures, standards, and controls.
- Bachelor’s degree (or equivalent) in information systems, information technology, or related field
- 2+ years of experience in software quality assurancer or cybersecurity at a midsize or large company in the healthcare or other regulated space.
- Deep knowledge of IT, including hardware, software, and networks
- Direct experience with regulatory or notified body cybersecurity submissions.
- Experience with ISO 13485, IEC 62304 (Medical Device Software Lifecycle), and ISO 14971 (Risk Management).
- Meticulous eye for detail and an ability to multitask in a fast-paced environment
- Strong abilities in critical thinking, problem-solving, logic, and forensics
- Excellent verbal and written communication skills
- Ability to work successfully in both individual and team settings
- Ability to think like a hacker in order to stay ahead of threats
- Understanding of HIPAA and importance of patient safety and data privacy regulations and guidelines
- Commitment to reflect FMI’s values: Integrity, Courage, and Passion
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search